# syria-debug.github.io — MALICIOUS

> PhishDestroy identifies syria-debug.github.io as an active credential harvesting phishing site. Flagged by 8 of 95 VirusTotal vendors. Check the full report.

## Summary
PhishDestroy identifies syria-debug.github.io as a credential harvesting phishing site currently active as of the latest threat intelligence analysis. This domain is impersonating a debugging or technical support interface for Syria-related services, likely aiming to deceive users into entering sensitive credentials. The threat is classified as elevated due to active propagation and the presence of multiple detection mechanisms.


This domain, registered through GitHub, Inc., was flagged by 8 of 95 VirusTotal security vendors, blocked by OpenPhish, and appears on 1 security blocklist. It resolves to IP 185.199.108.153 and utilizes a Let's Encrypt SSL certificate. While specific creation date is not provided in this dataset, the domain’s infrastructure and detection metrics indicate recent deployment. Open-source intelligence suggests this domain leverages GitHub Pages hosting to lend false legitimacy to the phishing lure, a common tactic in modern credential harvesting campaigns.


The phishing site remains active at the time of this report, posing an immediate risk to users who may interact with domain content. PhishDestroy strongly advises immediate blacklisting of syria-debug.github.io in organizational and personal security filters. Users are cautioned not to enter any credentials or personal information on this domain. Network defenders should inspect DNS logs for connections to 185.199.108.153 and scan endpoints for signs of credential exposure or follow-on compromise. Continuous monitoring is recommended due to the evolving nature of GitHub-hosted phishing campaigns and the potential for lateral movement within affected networks.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: GitHub, Inc.
- IP: 185.199.108.153

## Detection Status
- VirusTotal: 8 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["OpenPhish"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/47e3ef5c-4dca-40e0-bf12-8c98fdafa931
- PhishDestroy: https://phishdestroy.io/domain/syria-debug.github.io/
- LLM endpoint: https://phishdestroy.io/domain/syria-debug.github.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/syria-debug.github.io/
Last updated: 2026-03-31